Chat now with support
Chat with Support

Password Manager 5.9.7 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Upgrading Password Manager Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Unregistering users from Password Manager Working with Redistributable Secret Management account Email Templates
Password Policies One Identity Starling Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Glossary

Web Interface Customization

Web Interface Customization provides a simple and convenient way to customize the appearance of the Self-Service and Helpdesk sites. For example, you can change the company and product logos, splash screen logos, and modify the color scheme.

The default Product logo and the Company logo specific to Legacy Self Service site are transparent images which are not applicable to the Password Manager Self-Service site. Hence, the transparent images may appear to be missing in the Password Manager Self-Service site.

Enabling Self-Service UI 5.9.7

The following options appear only in case of an Inplace Upgrade of Password Manager to version 5.9.7 since inplace upgrade is the only upgrade which retains the Legacy Self Service site along with the Password Manager Self Service site(Self-Service UI version 5.9.5 onwards).

  • Maintain Self-service site (pre-5.9.5)
  • Switch to Self-service site (5.9.5 onwards)

IMPORTANT:

  • The default product logo and the company logo image used in the Legacy Self Service site may not be compatible with the Password Manager Self Service site as there is a limitation to the pixels in the image.
  • Users could apply any valid custom product logo and company logo to the Legacy Self service site and the same gets applied on the Password Manager Self-service site (Self Service UI 5.9.5 onwards).

To replace product and company logos with custom images

  1. On the home page of the Administration site, click General Settings, and then click the Web Interface Customization tab.
  2. Under the Product logo (all interfaces and versions) option, click Upload to browse your custom image. The uploaded image appears as a preview. Note, the image size must be 400 by 48 pixels and the image must be saved as a PNG with transparency.
  3. Under the Company logo (all interfaces and versions) option, click Upload to browse your custom image. The uploaded image appears as a preview. Note, the image size must be 210 by 48 pixels and the image must be saved as a PNG with transparency.
  4. Click Save.

NOTE: When you click Reset to Default, the customized product logo/ company logo gets reset to default.

To replace splash screen product and company logos with custom images

  1. On the home page of the Administration site, click General Settings, and then click the Web Interface Customization tab.
  2. Under the Splash Screen Product logo (Self-Service UI 5.9.5 onwards) option, click Upload to browse your custom image. The uploaded image appears as a preview. Note, that the image size must be 600 by 150 pixels and the image must be saved as a PNG with transparency. The Splash Screen Product logo appears as soon as you launch the self-service and help-desk sites.
  3. Under the Splash Screen Company logo (Self-Service UI 5.9.5 onwards) option, click Upload to browse your custom image. The uploaded image appears as a preview. Note, the image size must be 400 by 200 pixels and the image must be saved as a PNG with transparency.
  4. Click Save.

NOTE: When you click Reset to Default, the customized product logo/ company logo gets reset to default.

To replace large product logo for the helpdesk site

  1. Under the Large product logo (Helpdesk site logon page) option, click Upload to browse your custom image. The uploaded image appears as a preview. Note, the image size must be 440 by 70 pixels and the image must be saved as a PNG with transparency.
  2. Click Save.

NOTE: When you click Reset to Default, the customized product logo/ company logo gets reset to default.

By modifying the color scheme you can customize the appearance of the Self-Service and Helpdesk sites to fit your corporate standards. Each color scheme offers a main color, page title, text, hyperlink, icon, button, button text and error text colors. The main color defines the logo bar color.

To modify the color scheme

  1. On the home page of the Administration site, click General Settings, and then click the Web Interface Customization tab.
  2. Under the Color scheme option, select the required color scheme for the Self-Service and Helpdesk sites.
  3. To preview the selected color scheme on the Password Manager self-service site, click Preview (Self-Service UI version 5.9.5 onwards) link.
  4. To preview the selected color scheme on the Legacy self-service site and helpdesk site, click Preview (Self-Service UI / Helpdesk pre 5.9.3) link.
  5. To adjust your own color scheme, click Custom and navigate to various components listed for the customization of the helpdesk site and the legacy self service site. The components that can be customized are Main color, page title color, text color, hyperlink color, icon color, button color, button text color, error text color.
  6. Click Save.

NOTE:

  • Reset to Default option resets the customized components and resets it back to the default in the Helpdesk site and the Legacy self service site.
  • Custom color scheme cannot be applied to the Password Manager Self service site (Self-Service UI version 5.9.5 onwards)

Feedback Form

Feedback form is introduced in Password Manager Self service site (Self-Service UI version 5.9.5 onwards). The feedback form allows the users of the Password Manager Self service site to share the feedback on the user experience.

NOTE: No personal information of the users are collected and stored, and the survey is anonymous. By default, the Feedback form in enabled in the Password Manager Self service site.

To enable or disable feedback option

  1. On the home page of the Administration site, click General Settings, and then click the Web Interface Customization tab.
  2. In the Customize the appearance of the Self-Service and HelpDesk sites section, switch the toggle key in the Self-Service feedback form (5.9.5 onwards) to enable or disable the feedback option. By default, the feedback option is enabled.
  3. Click Save.

Instance Reinitialization

This section provides information on how to reinitialize an instance of Password Manager Service. Reinitialization means changing any of the settings you specified during initialization: the certificate for encrypting traffic between the standalone Self-Service and Helpdesk sites and the Password Manager Service, port number, encryption algorithm and key length, and hashing algorithm.

You may want to reinitialize the Password Manager instance to change any of the settings you specified when initializing the instance.

Modifying Service Connection Settings

Using service connection settings you can specify the following:

  • Certificate name - use this setting to enter the name of the certificate for authentication and traffic encryption the Password Manager Service and the web sites (Self-Service and Helpdesk). By default, Password Manager uses a built-in certificate issued by One Identity for this purpose. If you install the web sites on a standalone server, it is recommended to replace the default certificate with a custom certificate issued by a trusted Windows-based authentication authority.

For more information on obtaining and installing custom certificates, see Specifying Custom Certificates for Authentication and Traffic EncryptionBetween Password Manager Service and Web Sites.

To modify the service connection settings

  1. On the home page of the Administration site, click General Settings, and then click the Reinitialization tab.
  2. Under Service connection settings, from the Certificate name drop-down list, select the required certificate for authentication and traffic encryption between the Web sites (Self-Service and Helpdesk) and the Password Manager Service.
  3. In the Port number text box, enter the port number you want the Web sites to use to connect to the Password Manager Service.
  4. Click Save.

Modifying Advanced Settings

Using the advanced settings you can specify the following:

  • Encryption algorithm - use this setting to select the encryption algorithm that is used to encrypt users’ answers to secret questions and other security sensitive information. You can select from two options: Triple DES and AES. By default, Password Manager uses Triple DES algorithm to encrypt data. Note, that users’ answers will be encrypted if the “Store answers using reversible encryption” option is selected in the Q&A Profile settings. Otherwise, the answers will be hashed.
  • Encryption key length - use this setting to select whether a 192-bit or 256-bit encryption key will be used.
  • Attribute for storing Q&A profiles - use this setting to enter the attribute name that will be used for storing Q&A profile data. By default, Password Manager stores Q&A profile data in the comment attribute of each user's account and the configuration data in the comment attribute of a configuration storage account, which is automatically created when installing Password Manager.

    IMPORTANT:

    If you change encryption settings and the attribute for storing Q&A profiles, the current instance will be excluded from a realm it belongs to and users may lose their Q&A profiles.

    When you change these settings, do the following to keep users’ Q&A profiles:

    • Export the current configuration when saving updated instance settings.
    • Update Q&A profiles using the Migration wizard (upload the exported configuration to the wizard) on the current instance.
    • To replicate new settings and updated Q&A profiles export the updated configuration from the current instance and import the configuration to other instances.

    If you do not use the Migration wizard to update users’ Q&A profile after changing the settings, users will have to re-register with Password Manager.

  • Hashing algorithm - use this setting to select the hashing algorithm that will be used to hash users’ answers to secret questions. The following algorithms are available: MD5 and SHA-256. By default, Password Manager uses SHA-256 hashing algorithm. Password Manager will hash users’ answers if “Store answers using reversible encryption”option is not selected in the Q&A Profile settings.

    IMPORTANT: If you change the hashing algorithm, the selected algorithm will be applied to newly created Q&A profiles only. Existing Q&A profiles will be hashed with the previously selected algorithm.

To modify the advanced settings

  1. On the home page of the Administration site, click General Settings|Reinitialization, and expand the Advanced settings section.
  2. From the Encryption algorithm drop-down list, select the encryption algorithm for encrypting users’ answers to secret questions and other security sensitive data.
  3. From the Encryption key length drop-down list, select whether a 192-bit or 256-bit encryption key will be used to encrypt data.
  1. From the Hashing algorithm drop-down list, select the algorithm that will be used to hash users’ authentication answers.
  1. In the Select the attribute of user’s account in Active Directory in which user’s Questions and Answers profile and Corporate phone will be stored section, provide the following data.
    1. Security questions - Enter the required security question.
    2. Corporate Phone - Enter the mobile number of the user.
    3. Corporate email - Enter the corporate's email id of the user.
  2. Click Save.

Once you click Save, Reinitialize Instance dialog box appears.

  1. In the Reinitialize Instance dialog box, a password is generated for the configuration file that you should export to update users’ Q&A profiles and click Export

  2. Click Save.

To update users’ Q&A profiles with new instance settings

Before running the Migration Wizard, update the following attributes in the Migration Wizard\Resources\productinfo.xmlfile:

  • <productNameFull> - One Identity Password Manager for AD LDS
  • <productNameShort> - Password Manager for AD LDS
  • <realmType> - ADLDS

The values specified above can be also copied from One Identity\Password Manager for AD LDS\Service\Resources\productinfo.xml.

  1. Run the Migration wizard from the Password Manager CD autorun window.
  2. On the Welcome page, select the Update users’ Q&A profiles with new instance settings task.
  3. On the next page, upload the configuration file you exported when reinitializing the instance. Click Browse to select the file, enter the password you specified for the file, and click Next.
  4. Select users whose Q&A profiles you want to update and click Next. To select groups, click Add and do the following:
    • In the Add Groups dialog box, enter the group name, select the application directory partition from the list and click Search.
    • Select the required groups in the list and click Save.
  5. On the next page, do one of the following and click Next:
    1. Security Questions- Provide the required security questions.
    2. Corporate Phone- Provide the required corporate phone
    3. Corporate email, Personal email, and Personal phone fields are not editable.
  6. On the status page, click View the report for detailed information to view a detailed account of updating profiles. If you updated Q&A profiles in test mode, click Update Q&A profiles in production mode.

After you have updated the Q&A profiles with new instance settings, join other instances to this realm by exporting the configuration from the current instance and importing it to other instances. For more information on how to import and export configuration settings, see Import/Export Configuration Settings.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating